HP MSR2000/3000/4000 Router Series Fundamentals Configuration Guide

[Router-isp-abc] authentication login radius-scheme abc
[Router-isp-abc] quit
# Verify that you can use all read and write commands of the features radius and arp. This example uses radius.
[Router] radius scheme rad
[Router-radius-rad] primary authentication 2.2.2.2
[Router-radius-rad] display radius scheme rad
Output of the RADIUS scheme is omitted.
# Verify that you cannot configure any VLAN except VLANs 1 to 20. This example uses VLAN 10 and VLAN 30.
[Router] vlan 10
[Router-vlan10] quit
[Router] vlan 30
Permission denied.
# Verify that you cannot configure any interface except Ethernet 1/1 to Ethernet 1/24. This example uses Ethernet 1/2 and Ethernet 1/25.
[Router] vlan 10
[Router-vlan10] port ethernet 1/2
[Router-vlan10] port ethernet 1/25
Permission denied.
RBAC configuration example for HWTACACS authentication users
Network requirements
The router in Figure 5 uses local authentication for login users, including the Telnet user at 192.168.1.58.
This Telnet user uses the username test@bbb and is assigned the user role level-0.
Configure the remote-then-local authentication mode for temporary user role authorization. The router
uses the HWTACACS server to provide authentication for the level-0 to level-3 user roles. If the AAA
configuration is invalid or the HWTACACS server does not respond, the router performs local
authentication.
Figure 5 Network diagram